Splunk expert review: Big data analytics and cybersecurity

1 min. read


Splunk gathers, indexes, and correlates any type of data in real-time to generate graphs, dashboards, warnings, and reports – fulfilling businesses’ management needs since 2003. Splunk transforms machine data into valuable insights.

As a tool, Splunk falls perfectly into the trend towards Big Data. Did you know that 90% of all the data available today was created in the last two years? Deriving insights and formulating actions from this data isn’t just an optional extra anymore. It’s essential.Large companies have been quick to seize the cyber security benefits of Splunk, to allow them to deal effectively with large amounts of data originating from firewalls. Have we been hacked? Are there any internal threats coming from within my company? If so, where are they? How do we detect, block, or stop an attack? How quickly can we do that?

But Splunk doesn’t just benefit businesses in terms of cybersecurity. Thanks to Splunk’s solutions, you can also harness data on commercial performance, marketing results, and Internet of Things connectivity. That makes Splunk a promising and universal tool for managers who want to make timely, impactful decisions based on data.

Splunk for Big Data analytics and Cyber Security management

With such a versatile range of applications, more and more companies are discovering the potential of this revolutionary tool. Splunk can analyse data from commonly used applications and solutions to suggest action points for security measures. And Splunk does exactly the same with Artificial Intelligence, Machine Learning, automation, and a large amount of other data from applications, servers, networks, sensors, connected objects, mobile devices, and more. Splunk has some encouraging developments over the coming years that will deliver more and more opportunities, including for SMEs, start-ups and scaleups.

So it’s time for all organisations – from start-ups, scaleups and SMEs to large corporations – to capitalise on the huge quantities of data out there. By 2021, the Big Data industry is expected to be worth $67 bn. Thanks to Splunk’s state-of-the-art tools, companies can take advantage of this potential in an accessible and relatively simple way.

Why did you choose Splunk?

Pierre Olivier Kaplan, Network Security Engineer at Infradata Group (Nomios), explains why Splunk is such an important tool in his field. "Personally, I was convinced of the benefits of Splunk from the outset, because it covers such a wide spectrum of domains. That comes down to four major benefits, starting with the infrastructure.

After the customer’s needs and the anticipated volume of logs are defined, Splunk produces an ‘invitation’ to build on servers within the proper architecture. The second benefit relates to processing the log data, since Splunk collects and displays data from different sources. Because each data source generally has its own structure, some research is required. That is rather challenging, because ultimately the goal is to provide only information from various data sources that is relevant to the specific customer. Realising the full benefits of Splunk therefore means you need to make sure you’re properly prepared when it comes to data sources and data flow management."

"The data gathered needs to be relevant to obtain good insights and answers to security issues." - Pierre-Olivier Kaplan, Network Security Engineer at Infradata

"The third benefit is that Splunk requires specific development work and is more system-orientated. That might sound unappealing, but because I completed a training programme and enjoy developing myself, I have to say that I do like this aspect. Splunk’s approach is a very interesting one, because we need to develop applications and visualizations, or even scripts, which will enable customers to gather the relevant data needed to obtain good insights and answers to security issues.

Finally, the fourth aspect is the Splunk community. As Big Data technology is a very broad field, you need to familiarise yourself with, and even master, the various aspects of IT and data-orientated professions. The great thing about Splunk is that it has a large community of specialists who are more than happy to help each other.

This also makes Splunk a useful tool for finding information and support quickly. That’s a crucial aspect as far as I am concerned, especially for a program like Splunk that offers so many good solutions for complex matters."

Can you tell us more about the Splunk interface?

"Despite its highly advanced capabilities, the Splunk interface is intuitive and easy to use. Other products essentially amount to a black box; the dashboards might look pretty, but you never really know how the data is being processing and visualised. With Splunk, it’s the exact opposite.

Everything is transparent and adaptable, and whatever happens, you’ll never suddenly find yourself blocked out. That is a fundamental benefit. Another advantage is that, with more and more companies turning to Splunk, increasingly effective APIs are available that are immediately ready for use. That includes all the features that are needed to process data and display specific information that businesses need, such as on app performance and data flows."

What type of businesses is Splunk suitable for?

"Splunk is very popular with banks, insurance companies, manufacturers, and large companies in general. This is partly because Splunk can secure an entire infrastructure and create a large number of logs. Thanks to the Splunk licensing model, the tool is also suitable for SMEs, which tend to process a lot less data. But they still use the tools in the same way and get the same range of features as their larger counterparts. I think that’s why start-ups and scaleups will be interested in using Splunk.

The possibilities of Big Data analysis with Splunk are also worth mentioning. The value of the mass of data that has remained untapped thus far can now be harnessed. Splunk is capable of meeting your specific business needs by providing activity reports, structured sales and marketing data, and more. Once you have the data, Splunk can basically do anything, for any type of business."

How do you support customers in integrating the Splunk solution?

"The first fundamental step is to define a specific vision for the scope of the data you want to gather. Then we can gauge the infrastructure as best as possible and build on the basis of the number of servers to be set up, the bandwidth properties, quantity of licences, and so on. By determining the details of what the customer wants to do with Splunk in advance, the solution can produce the concrete added value that customers are looking for.

Companies, however large or small, must bear in mind that thorough preparation is a priority. We offer support by asking questions about internal needs. This could include the expected volume of logs to be monitored – the data to be tracked in real time – such as all events logged through the firewall or application events.

Then we usually start by implementing a Proof of Concept (POC) to test with an initial server that is installed on-site. This collects the initial customer data. At the same time, we develop the first visualisation applications. Where possible, we work within a broader infrastructure, with additional servers and a cluster of various types of data. To replicate realistic performance times of data transactions, we need to ask more questions: Does the data need to be stored? Do we need to manage a retention log? And are there any archiving restrictions?

Once the infrastructure is in place, we will continue to work on the data and creating new applications, so you get all the information you need. Then we provide extensive documentation and training, so that internal teams can manage Splunk in full.

This Infradata model ensures that customers can use the tool with complete autonomy. For more complex applications or solutions, we provide bespoke technical support and expertise. That is the crucial added value that Infradata delivers in relation to Splunk."

How much expertise do you have on Splunk solutions? Could you give some examples of installations?

"In terms of expertise, Infradata is Splunk’s focus partner. That means that we have direct access to the platform and new developments. We work closely with Splunk engineers and organise training sessions for our customers. At Infradata, we have 12 people with a technical Splunk certification.

When it comes to Splunk, our mission is clear: we provide integration, audits, application development, data processing, high-level training, and complete installation of Splunk solutions.

We deployed Splunk for 35 different companies in 2017. Demand is steadily increasing, and we have noticed more and more companies are interested in combining this technology with Big Data.

At trade fairs, it’s easy to see that Splunk is getting the lion’s share of attention, by highlighting the possibilities that stretch far beyond IT security. Some of our clients discovered Splunk when looking for a security solution, but they soon realised there is also a huge potential when it comes to Big Data. That meant that they later developed their own business applications. Splunk enabled one of our clients, a large French hotel group, to visualise current room occupation on maps in real time using connection logs that were collected."

How do you use Splunk yourself?

"Now it is so simple for businesses to bring together a large variety of data ​​to create business applications. We use Splunk within the company to track the number of support tickets as well as the time it takes to resolve them. In addition, we use Splunk to monitor the SLA and other statistics that are inherent in our service. With Splunk, we can also produce reports about what is happening on social networks. For us as a company, it’s a fantastic, rewarding tool we have at our disposal."

Sign up for our newsletter

Get the latest security news, insights and market trends delivered to your inbox.


More updates